Sat.Jul 03, 2021 - Fri.Jul 09, 2021

Ransomware Defense: Top 5 Things to do Right Now

Threatpost

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware. InfoSec Insider Malware

Why the Password Isn't Dead Quite Yet

WIRED Threat Level

Everyone hates the old ways of authentication. But while change is closer than ever, it comes with its own drawbacks. Security Security / Security News

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Biden Orders Investigation of Kaseya Ransomware Attack

Data Breach Today

REvil Malware Suspected of Infecting Scores of IT Management Companies, Clients U.S. President Joe Biden has ordered federal intelligence agencies to investigate the incident involving IT management software vendor Kaseya.

Microsoft Issues Emergency Patch for Windows Flaw

Krebs on Security

Microsoft on Tuesday issued an emergency software update to quash a security bug that’s been dubbed “ PrintNightmare ,” a critical vulnerability in all supported versions of Windows that is actively being exploited.

IT 232

Address the Challenges of Siloed Monitoring Tools

Companies frequently experience monitoring tool sprawl. Find out why monitoring tool sprawl occurs, why it’s a problem for businesses, and the positive business impacts of monitoring tool consolidation.

ROUNDTABLE: Kaseya hack exacerbates worrisome supply-chain, ransomware exposures

The Last Watchdog

It was bound to happen: a supply-chain compromise, ala SolarWinds, has been combined with a ransomware assault, akin to Colonial Pipeline, with devasting implications. Related: The targeting of supply chains. Last Friday, July 2, in a matter of a few minutes, a Russian hacking collective, known as REvil, distributed leading-edge ransomware to thousands of small- and mid-sized businesses (SMBs) across the planet — and succeeded in locking out critical systems in at least 1,500 of them.

More Trending

Kaseya Attack: REvil Offers $70 Million 'Super Decryptor'

Data Breach Today

Yet Another Ransomware Attack Targets Managed Service Providers to Maximize Profits The REvil ransomware operation behind the massive attack centering on Kaseya, which develops software used by managed service providers, has offered to decrypt all victims - MSPs as well as their customers - for $70 million in bitcoins.

Spike in “Chain Gang” Destructive Attacks on ATMs

Krebs on Security

Last summer, financial institutions throughout Texas started reporting a sudden increase in attacks involving well-orchestrated teams that would show up at night, use stolen trucks and heavy chains to rip Automated Teller Machines (ATMs) out of their foundations, and make off with the cash boxes inside.

SHARED INTEL: ‘Credential stuffers’ leverage enduring flaws to prey on video game industry

The Last Watchdog

The video game industry saw massive growth in 2020; nothing like a global pandemic to drive people to spend more time than ever gaming. Related: Credential stuffers exploit Covid 19 pandemic. Now comes a report from Akamai detailing the extent to which cyber criminals preyed on this development. The video game industry withstood nearly 11 billion credential stuffing attacks in 2020, a 224 percent spike over 2019.

Amazon Echo Dots Store a Wealth of Data—Even After a Reset

WIRED Threat Level

Thinking about selling your smart speaker? Be aware that you can't completely delete personal content from the device. Security Security / Privacy

Cloud-Scale Monitoring With AWS and Datadog

In this eBook, find out the benefits and complexities of migrating workloads to AWS, and services that AWS offers for containers and serverless computing.

Biden Faces Russian Ransomware Curtailment Challenge

Data Breach Today

White House Tells Moscow: Take Action, or We 'Reserve the Right' to Do So The Biden administration has a message for Russia: Rein in the criminal hackers operating from inside your borders who hit Western targets, or we'll do it for you.

Kaseya Left Customer Portal Vulnerable to 2015 Flaw in its Own Software

Krebs on Security

Last week cybercriminals deployed ransomware to 1,500 organizations that provide IT security and technical support to many other companies. The attackers exploited a vulnerability in software from Kaseya , a Miami-based company whose products help system administrators manage large networks remotely.

IT 157

Insurance firm CNA discloses data breach after March ransomware attack

Security Affairs

Insurance giant CNA notifies customers of a data breach after the Phoenix CryptoLocker ransomware attack suffered in March. US insurance giant CNA is notifying customers of a data breach after the ransomware attack that it suffered in March.

Vulnerability in the Kaspersky Password Manager

Schneier on Security

A vulnerability (just patched) in the random number generator used in the Kaspersky Password Manager resulted in easily guessable passwords: The password generator included in Kaspersky Password Manager had several problems.

What E-Commerce Performance Metrics Are CTOs Monitoring?

In this eBook, Danny Miles, CTO of Dollar Shave Club, reveals an efficient framework for thinking about and prioritizing the performance metrics that matter most to him, providing a blueprint for fellow e-commerce CTOs to follow as they evaluate their own business.

Kaseya: Up to 1,500 Organizations Hit in Ransomware Attack

Data Breach Today

Software Vendor Quiet on Whether It Might Pay for REvil's Full Decryption Tool Software vendor Kaseya suspects that 800-1,500 organizations - mostly small businesses - were compromised via a ransomware attack that exploited its VSA remote management software.

Europe Makes the Case to Ban Biometric Surveillance

WIRED Threat Level

Companies are racing to track everything about you. It could be a convenient way to reduce fraud—or seriously creepy and discriminatory. Security Security / Privacy

IT 80

Welcoming the Dutch Government to Have I Been Pwned

Troy Hunt

Today I'm very happy to welcome the Dutch government to HIBP, marking 24 national CERTs that now have full and free access to API level domain searches.

Revil ransomware gang hit Spanish telecom giant MasMovil

Security Affairs

Revil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators, last week the group was hit by the REvil ransomware gang that claims to have stolen sensitive data from the company. “We

9 Developer Enablement Practices to Achieve DevOps at Enterprise Scale

In this eBook, Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.

Kaseya Was Working on Patches Before Ransomware Attack

Data Breach Today

REvil Beat Patching Effort in a 'Final Sprint,' Researcher Says Kaseya, the vendor at the center of a mass ransomware attack, was close to fixing the flaw in its software before the notorious REvil gang struck.

Microsoft Office Users Warned on New Malware-Protection Bypass

Threatpost

Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it. Hacks Vulnerabilities

I Smell a RAT! New Cybersecurity Threats for the Crypto Industry

Dark Reading

The ElectroRAT Trojan attacker's success highlights the increasingly sophisticated nature of threats to cryptocurrency exchanges, wallets, brokerages, investing, and other services

REvil ransomware gang demanded $70M for universal decryptor for Kaseya victims

Security Affairs

REvil ransomware is demanding $70 million for decrypting all systems locked during the Kaseya supply-chain ransomware attack. REvil ransomware is asking $70 million worth of Bitcoin for decrypting all systems impacted in the Kaseya supply-chain ransomware attack.

The Forrester Wave™: B2B Marketing Data Providers, Q2 2021

In our 24-criterion evaluation of B2B marketing data providers, we identified the 11 most significant vendors — Data Axle, Dun & Bradstreet, Enlyft, Global Database, InsideView, Leadspace, Oracle, SMARTe, Spiceworks Ziff Davis, TechTarget, and ZoomInfo Technologies — and researched, analyzed, and scored them. This report shows how each provider measures up and helps B2B marketing professionals select the right one for their needs.

Kroger, British Airways Agree to Settle Data Breach Lawsuits

Data Breach Today

Class Actions Filed Against Each Company After Hacking Incidents U.S.-based based pharmacy and supermarket chain Kroger and U.K.-based based British Airways have each agreed to settle class action lawsuits filed in the wake of two massive data breaches

An Office Phone Flaw Can’t Be Fixed by Cisco Alone

WIRED Threat Level

The company released a patch this week, but security researchers say the root of the problem is beyond its control—and symptomatic of a larger issue. Security Security / Security News

IT 77

Microsoft Releases Emergency Patch for PrintNightmare Bugs

Threatpost

The fix doesn’t cover the entire problem nor all affected systems however, so the company also is offering workarounds and plans to release further remedies at a later date. Vulnerabilities

109
109

Wiregrass Electric Cooperative hit by a ransomware attack

Security Affairs

Wiregrass Electric Cooperative, a rural Alabama electric cooperative was hit by a ransomware attack. Wiregrass Electric Cooperative, a rural Alabama electric cooperative that serves about 25,000 members, was hit by a ransomware attack.

The Unexpected Cost of Data Copies

This paper will discuss why organizations frequently end up with multiple data copies and how a secure "no-copy" data strategy enabled by the Dremio data lake service can help reduce complexity, boost efficiency, and dramatically reduce costs.

The Business of Ransomware: Specialists Help Boost Profits

Data Breach Today

Ransomware-as-a-Service Operations Tap Expert Intrusion Specialists and Negotiators As ransomware attacks become more prolific, their success is being driven by the increasing use of specialists who can refine every stage of an attack.

Microsoft Keeps Failing to Patch a Critical Windows Bug

WIRED Threat Level

For the second time in a month, the company issued an update that doesn't fully address a severe security vulnerability in Windows. Security Security / Cyberattacks and Hacks

Details of the REvil Ransomware Attack

Schneier on Security

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision.